Russian scammers are stealing YouTube Accounts — What to Do

Google has arrested a Russian gang dedicated to defrauding YouTube content creators out of their accounts.

The gang's modus operandi was to get close to successful YouTube "creators" or "YouTubers" (YouTube uploaders like PewDiePie who upload original content and earn a lot of money through advertising, merchandising, and affiliate links), befriend them, and offer them partnerships or other types of financial or promotional agreements.

According to a post yesterday (October 20) by Ashley Shen of the Google Threat Analysis Group, the gang would then send the creators malicious files that stole passwords and session cookies, allowing the fraudsters to take over the creators' accounts.

"We believe the actors behind this campaign are a group of hackers recruited from Russian-speaking forums," Shen wrote. "They lure their targets with fake collaboration opportunities (usually antivirus software, VPNs, music players, photo editing, and online game demos), hijack their channel, and then use it to sell it to the highest bidder or to broadcast cryptocurrency scams."

Stolen accounts can be resold for up to $4,000 apiece, Shen said.

To protect your YouTube and other social media accounts from hackers and hijackers, Google recommends:

Storing passwords in your browser makes you a prime target for information-stealing malware.

Shen provided an example of an email message sent to YouTube creators offering to pay YouTubers to promote their antivirus software brands. The message stated that the YouTuber would need to install the antivirus software and demonstrate it in a video.

If the YouTuber agreed, the scammer would then send the creator an instant message, email message, PDF document, or link to a website where the creator could download the software.

According to Shen, more than 1,000 malicious websites and social media accounts were created for this purpose, many of which mimicked legitimate brands such as Cisco and Steam.

However, the software YouTubers downloaded and installed contained malware that stole passwords and session cookies (small pieces of data that keep you logged into your online accounts for long periods of time). Armed with these stolen items, fraudsters were able to hijack YouTube accounts.

The masterminds of the scheme used Russian-language online forums to recruit low-level crooks to do their evil deeds, promising them 25% to 70% of the revenue from the hijacked channels, depending on the amount of evil they were willing to do.

According to Shen, after November 1, YouTube content creators with profitable channels will need to activate 2FA in their Google accounts in order to access certain YouTube tools.
